RDP Session with NLA locks user out after 1 attempt

  • #47616
    Homes32
    Participant

    With the upgrade to ThinOS 8.5_012/017 my users are getting locked out from Active Directory after only 1 invalid password attempt. (We are set to lock out after 3 attempts.) Has anyone else experienced this issue? Has ThinOS changed the way it tries to authenticate to RDP and is retrying multiple times?

    SessionConfig=RDP \
    EnableGFX=yes \
    EnableRFX=yes \
    EnableNla=yes

    ;*************************************************************
    ; Default RDP Connection
    ;*************************************************************
    Connect=RDP \
    Host=SERVER \
    Description="LOGIN" \
    Domainname="DOMAIN" \
    Fullscreen=yes \
    AutoConnect=yes \
    KeepAlive=5 \
    Lowband=yes \
    Smartcards=yes \
    Mapdisks=yes \
    Rdp_No_Animation=yes \
    Rdp_No_Dragging=yes \
    Rdp_No_Fontsmoothing=no \
    Rdp_No_Theme=yes \
    Rdp_No_Wallpaper=yes


    Edit: Forgot to mention that I am noticing this primarily on Wyse 3030LT clients, though I haven’t tested with our newer 5060s.

    #52744
    jimmyk
    Participant

    Hi,

    With my Dell Wyse 3040 thin clients, I’m facing the same problem.

    When we now enter a wrong password at the login prompt of the Wyse RDP session, the user is immediately locked out on our domain controller.

    When I, however, log in from a Windows RDP session to the same server, I can make 5 mistakes before the account is locked out. This is the expected behavior, as this is set in GPO.

    Any idea what could be causing this?

    Kind regards,

    Jimmy

    ----------------------------

    ThinOS: 8.6.013

    RDS Server: Windows Server 2019

    ----------------------------

    ThinClients are managed by FTP wnos.ini.

    ;*************************************************************
    ;* *
    ;* This wnos.ini file was generated with the *
    ;* Configuration Generator 8.4.05 *
    ;* Copyright by Thomas Moellerbernd *
    ;* *
    ;* https://technicalhelp.de *
    ;* *
    ;*************************************************************

    Include=WYSE_TERMINAL_PRECONFIG_$TN.ini

    ;*************************************************************
    ;* General 1 *
    ;*************************************************************

    autoload=0

    ;*************************************************************
    ;* General 2 *
    ;*************************************************************

    Fastdisconnect=yes CtrlKey=yes
    reboot=yes Time=02:00
    EnableGKey=yes

    ;*************************************************************
    ;* General 3 *
    ;*************************************************************

    NoticeFile=LegalNotice.txt Resizable=yes Timeout=60 Title="LEGAL NOTICE" ButtonCaption=Ok
    Autopower=yes
    AutoSignoff=yes
    SysMode=VDI toolbardelay=4
    ShutdownInfo=yes

    ;*************************************************************
    ;* Privilege *
    ;*************************************************************

    Privilege=Low Lockdown=yes HideSysInfo=yes HidePPP=yes HidePN=yes HideConnectionManager=yes KeepDHCPRequestIP=yes DisableNetworkOptions=yes EnableSystemPreferences=No DisableTerminalName=yes DisableChangeDateTime=yes HideWlanScan=yes EnableNewConnection=No

    ;*************************************************************
    ;* Peripherals *
    ;*************************************************************

    Language=Nl_be ManualOverride=yes
    MouseNewSpeed=5
    Device=Mouse Speed=5

    ;*************************************************************
    ;* Display *
    ;*************************************************************

    ; If you are Using a version Of WTOS code < 7.0.1_13 please use:
    ; Resolution=DDC Refresh=
    Screen=1 Resolution=DDC
    Screen=2 Resolution=DDC
    Desktop=CFGDesktop.jpg
    ZeroTheme=VDI

    ;*************************************************************
    ;* Redirection *
    ;*************************************************************

    ## Device=vusb ForceRedirect=0x0461,0x4e22,0x03,0x01,0x02

    ;*************************************************************
    ;* Time *
    ;*************************************************************

    Timeserver=DC01.local.ad Timeformat="24-hour format" Dateformat=dd/mm/yyyy
    TimeZone='GMT + 01:00' ManualOverride=yes Daylight=yes Start=030507 End=100507 TimeZoneName="Romance" DayLightName="Romance"

    ;*************************************************************
    ;* Network *
    ;*************************************************************

    Device=Ethernet Speed="Auto" ClearNameServersByDHCP=yes
    Device=NIC Default=ENET
    #WirelessWaitEnet=6
    ; If you are using a version of WTOS code < 7.1_133 please use:
    ; RapportDisable= instead of WDMService=
    WDMService=Yes
    WakeOnLan=yes
    SignOn=No ConnectionManager=Minimize EnableOK=Yes DisableGuest=yes LastUsername=yes SaveLastDomainUser=Yes DefaultINI=common_user.ini DisableEditDomain=yes

    DomainList="local"
    PasswordServer=RDP AccountSelfService=yes Connect=RDP

    MaxVNCD=1
    VncPassword="pass"
    VncPrompt=No

    ;EnetUp
    ;*************************************************************
    ;* Include *
    ;*************************************************************

    Include=$mac.ini

    Include=WYSE_TERMINAL_$TN.ini

    ;*************************************************************
    ;* RDP *
    ;*************************************************************

    SessionConfig=RDP DefaultColor=2 EnableVOR=no USBRedirection=RDP

    ;-------------------------------------------------------------
    ;- RDP Session 1                                             -
    ;- Each line but the last must end with a '\'                -
    ;-------------------------------------------------------------

    CONNECT=RDP \
    Host=RDS \
    Description=" RDS (remote desktop services)" \
    Icon=VK.ico \
    AutoConnect=no \
    Fullscreen=yes \
    Rdp_No_Wallpaper=yes \
    Rdp_No_Dragging=yes \
    Rdp_No_Animation=yes \
    Rdp_No_Theme=yes \
    Rdp_No_Fontsmoothing=yes \
    LowBand=yes \
    Domainname=local \
    UnmapSerials=yes \
    Disablesound=No \
    LocalCopy=no

    Log from the domain controller (C:\Windows\debug\netlogon.log):

    08/04 09:06:11 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\test_user from (via RDS) Entered
    08/04 09:06:11 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\test_user from (via RDS) Returns 0x0

    08/04 09:06:22 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\test_user from (via RDS) Entered
    08/04 09:06:22 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\test_user from (via RDS) Returns 0xC000006A

    08/04 09:06:29 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\test_user from (via RDS) Entered
    08/04 09:06:29 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\test_user from (via RDS) Returns 0xC0000234

    (*) Password and domain were edited.
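The netlogon.log excerpt above shows a lockout (0xC0000234) following a single visible wrong-password result (0xC000006A), which is exactly the symptom of a client that retries on its own. As an added example (not part of the original post), the script below parses lines in that format and flags every lockout that is preceded by fewer wrong-password results than the configured policy threshold; the sample log is constructed from the lines quoted in the thread, and the threshold of 5 is the GPO value the poster mentions.

```python
import re
from collections import defaultdict

# Constructed sample in the netlogon.log format quoted in the thread
# (user and domain are placeholders, as in the original post).
SAMPLE_LOG = """\
08/04 09:06:11 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\\test_user from (via RDS) Entered
08/04 09:06:11 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\\test_user from (via RDS) Returns 0x0
08/04 09:06:22 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\\test_user from (via RDS) Entered
08/04 09:06:22 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\\test_user from (via RDS) Returns 0xC000006A
08/04 09:06:29 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\\test_user from (via RDS) Entered
08/04 09:06:29 [LOGON] [688] LOCAL: SamLogon: Transitive Network logon of local\\test_user from (via RDS) Returns 0xC0000234
"""

STATUS_WRONG_PASSWORD = 0xC000006A      # NTSTATUS STATUS_WRONG_PASSWORD
STATUS_ACCOUNT_LOCKED_OUT = 0xC0000234  # NTSTATUS STATUS_ACCOUNT_LOCKED_OUT

# Only the "Returns <status>" lines carry the result; "Entered" lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) .*?logon of (?P<user>\S+) "
    r"from (?P<src>.*?) Returns (?P<status>0x[0-9A-Fa-f]+)$"
)

def parse_results(text):
    """Yield (timestamp, user, source, status_int) for each 'Returns' line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["user"].lower(), m["src"], int(m["status"], 16)

def find_premature_lockouts(text, threshold):
    """Return (user, source, visible_failures) for each lockout that this log
    shows fewer wrong-password results for than the policy threshold."""
    failures = defaultdict(int)
    findings = []
    for _ts, user, src, status in parse_results(text):
        if status == STATUS_WRONG_PASSWORD:
            failures[user] += 1
        elif status == STATUS_ACCOUNT_LOCKED_OUT:
            if failures[user] < threshold:
                findings.append((user, src, failures[user]))
            failures[user] = 0
        elif status == 0:
            failures[user] = 0  # a successful logon resets the bad-password count

    return findings

if __name__ == "__main__":
    for user, src, seen in find_premature_lockouts(SAMPLE_LOG, threshold=5):
        print(f"{user} locked out from {src} after only {seen} visible failure(s)")
```

Run it against the netlogon.log of the PDC emulator, since bad-password attempts from other domain controllers are forwarded there and a single DC's log may otherwise undercount.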


    #52778
    ConfGen
    Keymaster

    Have you tested the latest 8.6_412?

    CG

    #52785
    jimmyk
    Participant

    Not tested with another version, is upgrading over FTP still possible?

    #52786
    ConfGen
    Keymaster

    Of course

    CG

    #52798
    jimmyk
    Participant

    With version 8.6_412, the account doesn’t lock out after the first 4 attempts and now follows the GPO policy, so this is solved now.

    However, I introduced a new problem with the upgrade:

    After entering credentials, before RDP login, I get the following warning on the client:

    The certificate authority is invalid or incorrect.

    The host name in the certificate is invalid or does not match.

    (date+time from the Thin client is also verified)


    #52807
    jimmyk
    Participant

    With firmware 8.6_412:

    I’ve found out that when the RDP host name exactly matches the server FQDN, there is no warning message.

    Is there an option so that we can use a DNS name that doesn’t match the server FQDN?

    Kind regards

    #52815
    ConfGen
    Keymaster

    no

    CG
